In conditional access devices for pay television, or any other device that uses memory and requires security, there is a need to provide flash memory while preventing hacking. Hacking is the unauthorized placing of software in memory to override security features. A known way of attempting to prevent hacking is to use some form of checking, instructed by ROM, to ensure that application code stored in flash memory is correct. Such a device is shown in FIG. 1.
A flash memory 2 has a boot sector 6 and an application sector 16. A CPU 10 is arranged to run application code from the flash memory 2, retrieved over an interface 12 via bus 8, EMI 20 and bus 18. Security is provided by the CPU 10 booting from a boot ROM 3, which contains code to check the boot sector 6 of the flash memory. This check is done once, on startup: the CPU produces a function of the code in the boot sector and compares it with a stored signature. If the check passes, the CPU then jumps to the code in the boot sector 6.

However, it is now known that there is a relatively simple way of hacking such a security arrangement. When the CPU 10 boots up using code from the ROM 3, the CPU checks that the code in the boot sector 6 is correct. The weakness is that the process of power on, CPU boot and checking the flash takes a predictable number of clock cycles of the CPU clock. Thus, to hack the system, a hacker places code in an unchecked part of the flash memory 2 and forces the CPU to read from that part of the memory after a predetermined number of clock cycles by fixing an external address line.
The CPU 10 thereafter runs from unchecked code and no further checks are conducted, because the verification of code is only conducted on boot up from the ROM 3.
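The coverage gap described above can be modelled in a few lines. This is an added example, not code from the original document: it compares a check that covers only the boot sector with the same comparison taken over the whole flash. The sector sizes, the function names and the FNV-1a stand-in for the "function of the code" are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed layout: sizes are assumptions, not taken from FIG. 1. */
#define BOOT_SIZE  64u                      /* boot sector 6 */
#define APP_SIZE   192u                     /* application sector 16 */
#define FLASH_SIZE (BOOT_SIZE + APP_SIZE)

/* Stand-in for the "function of the code" (FNV-1a, 32-bit).
 * A real device would verify a cryptographic signature instead. */
static uint32_t digest(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Fill the flash model with constructed, deterministic contents. */
void make_flash(uint8_t *flash) {
    for (size_t i = 0; i < FLASH_SIZE; i++) flash[i] = (uint8_t)(i * 7u + 3u);
}

/* Check as described: only the first `covered` bytes are compared with
 * the stored reference. covered == BOOT_SIZE models the boot ROM check. */
int rom_check(const uint8_t *flash, size_t covered, uint32_t stored) {
    return digest(flash, covered) == stored;
}

/* Returns a bitmask after one application-sector byte is altered:
 * bit 0 = boot-sector-only check still passes,
 * bit 1 = whole-flash check still passes. */
int check_after_app_change(void) {
    uint8_t flash[FLASH_SIZE];
    make_flash(flash);
    uint32_t boot_ref = digest(flash, BOOT_SIZE);   /* taken while known good */
    uint32_t full_ref = digest(flash, FLASH_SIZE);
    flash[BOOT_SIZE + 10u] ^= 0xFFu;                /* change outside boot sector */
    int mask = 0;
    if (rom_check(flash, BOOT_SIZE, boot_ref))  mask |= 1;
    if (rom_check(flash, FLASH_SIZE, full_ref)) mask |= 2;
    return mask;
}

int main(void) {
    int m = check_after_app_change();
    printf("boot-sector check passes: %d\n", m & 1);
    printf("whole-flash check passes: %d\n", (m >> 1) & 1);
    return 0;
}
```

Widening the covered region addresses only the first weakness in the text; a check that still runs once at boot says nothing about what the CPU fetches afterwards.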